Mod Security Logging Page Loads as Unsuccessful Logins?
Has anyone else encountered an issue with mod_security logging each page view as an unsuccessful login attempt? My host keeps locking me out of one of the sites on which I have this plugin installed, because mod_security is logging an unsuccessful login attempt every time I load a page in WordPress after logging in.
Following is an excerpt from the log information my host provided me:
[Mon May 06 07:49:57 2013] [error] [client XXX.XX.XXX.XX] ModSecurity: Warning. Operator GT matched 0 at USER:bf_block. [file "/usr/local/apache/conf/includes/pre-virtual.d/modsec_custom.conf"] [line "13"] [id "2"] [msg "ip address blocked for 5 minutes, more than 15 login attempts in 3 minutes."] [hostname "subdomain.example.com"] [uri "/wp-login.php"] [unique_id "UYem9TIXyfQAAC3GW0AAAABC"]
[Mon May 06 11:26:56 2013] [error] [client XXX.XX.XXX.XX] ModSecurity: Warning. Operator GT matched 5 at IP:bf_counter. [file "/usr/local/apache/conf/includes/pre-virtual.d/modsec_custom.conf"] [line "18"] [id "4"] [msg "failed wp-login login attempt"] [hostname "subdomain.example.com"] [uri "/wp-login.php"] [unique_id "UYfZ0DIXyfQAAEfMFdcAAAAb"]
[Mon May 06 11:28:01 2013] [error] [client XXX.XX.XXX.XX] ModSecurity: Warning. Operator GT matched 0 at USER:bf_block. [file "/usr/local/apache/conf/includes/pre-virtual.d/modsec_custom.conf"] [line "13"] [id "2"] [msg "ip address blocked for 5 minutes, more than 15 login attempts in 3 minutes."] [hostname "subdomain.example.com"] [uri "/wp-login.php"] [unique_id "UYfaETIXyfQAAFYqqikAAAA0"]
If I disable the Network Privacy plugin, I don’t seem to get locked out by my host.
Is this some sort of an issue with the way the plugin and/or WordPress runs the authentication verification, or is this possibly something mis-configured in my host’s mod_security settings (they supposedly have it set up so that multiple unsuccessful login attempts from the same IP automatically lock that IP out of the site for a period of time)?
Thanks for any advice or direction you can provide.
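Added example, not part of the original post: a small Python parser for ModSecurity entries in the Apache error-log layout shown in the excerpt, which tallies hits per rule id, collection variable and URI. The names `parse_modsec` and `summarize` are hypothetical, and the sample text is the three entries from the excerpt with the client IP still redacted.

```python
import re
from collections import Counter

# Sample input: the three entries from the excerpt in the post (IP redacted there).
CONF = '[file "/usr/local/apache/conf/includes/pre-virtual.d/modsec_custom.conf"]'
HOST = '[hostname "subdomain.example.com"] [uri "/wp-login.php"]'
BLOCKED = '[msg "ip address blocked for 5 minutes, more than 15 login attempts in 3 minutes."]'
SAMPLE = "\n".join([
    "[Mon May 06 07:49:57 2013] [error] [client XXX.XX.XXX.XX] ModSecurity: Warning. Operator GT matched 0 "
    f'at USER:bf_block. {CONF} [line "13"] [id "2"] {BLOCKED} {HOST} [unique_id "UYem9TIXyfQAAC3GW0AAAABC"]',
    "[Mon May 06 11:26:56 2013] [error] [client XXX.XX.XXX.XX] ModSecurity: Warning. Operator GT matched 5 "
    f'at IP:bf_counter. {CONF} [line "18"] [id "4"] [msg "failed wp-login login attempt"] {HOST} '
    '[unique_id "UYfZ0DIXyfQAAEfMFdcAAAAb"]',
    "[Mon May 06 11:28:01 2013] [error] [client XXX.XX.XXX.XX] ModSecurity: Warning. Operator GT matched 0 "
    f'at USER:bf_block. {CONF} [line "13"] [id "2"] {BLOCKED} {HOST} [unique_id "UYfaETIXyfQAAFYqqikAAAA0"]',
])

TS = r"\w{3} \w{3} \d{2} [\d:]{8} \d{4}"
# One entry runs from its timestamp to the next timestamp (or end of text), so
# entries that were pasted onto a single line are still separated correctly.
ENTRY = re.compile(
    rf"\[(?P<ts>{TS})\] \[error\] \[client (?P<client>[^\]]+)\] "
    rf"ModSecurity: (?P<body>.*?)(?=\[{TS}\] \[|\Z)", re.S)
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')      # [id "2"], [uri "/wp-login.php"], ...
VAR = re.compile(r"\bat ([A-Z_]+:\w+)\.")       # collection variable the operator matched

def parse_modsec(text):
    """Return one dict per ModSecurity entry: bracketed fields plus ts, client, var."""
    entries = []
    for m in ENTRY.finditer(text):
        rec = dict(FIELD.findall(m["body"]))
        var = VAR.search(m["body"])
        rec.update(ts=m["ts"], client=m["client"], var=var[1] if var else None)
        entries.append(rec)
    return entries

def summarize(entries):
    """Count hits per (rule id, matched variable, request URI)."""
    return Counter((e.get("id"), e["var"], e.get("uri")) for e in entries)

if __name__ == "__main__":
    for (rid, var, uri), n in sorted(summarize(parse_modsec(SAMPLE)).items()):
        print(f"rule id {rid:>3}  {var:<16} {uri:<16} hits={n}")
```

Run over a full log, the tally shows which rule ids and URIs account for the hits, which can then be compared against the requests the browser actually made during a session.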